A tool to analyze seccomp filters like seccomp-tools, written in C
-
Arch Linux users:
Install via AUR, build
ceccomppackage ⇒Or install via
archlinuxcnrepo if you have it set in youpacman.conf. -
Debian, Ubuntu or Kali users:
ceccomp is available with
aptnow if you are using distros below:
-
NixOS users:
@tesuji helps us submit a PR at NixOS, but it's blocked as nobody cares... If you like our software, please 👍 in NixOS/nixpkgs#462592 to help ceccomp into nixpkgs!
-
Stable installation:
Clone the whole repo, then run
./configure. Add--without-docflag if you don't haveasciidoctor, and add--without-i18nflag if you don't havegettextpackage.git clone https://github.com/dbgbgtf1/Ceccomp.git cd Ceccomp ./configure ./configure # run this again if Makefile is not generated make make install # install at /usr/bin
-
Testing installation:
Clone the whole repo, and then run
./configure --devmode.git clone https://github.com/dbgbgtf1/Ceccomp.git cd Ceccomp ./configure --devmode make
Run configure and make, then invoke scripts/check.sh from repo root. We expect the script could pass all checks.
If you find some checks failed, please submit an issue to report your case.
check.sh stops if any error occurs by default, you can override this behavior by adding a --tolerant flag,
which allows check.sh to run through the whole test.
To run the test, you need 3 extra packages: pkgconf (required by pkg-config), diffutils (required by diff)
and procps (required by pgrep and pkill).
Any Issue or Pr are welcome!
- seccomp-tools: The tool in Ruby inspires us to write ceccomp
- Bootswatch: Provides awesome css for html doc under MIT
- Linux kernel: Port some bpf checks
- Verstable: High-performance hash table implementation in C
- a5hash: High-performance hash implementation for short strings in C
Copyright (C) 2025-present, ceccomp contributors, distributed under GNU General Public License v3.0 or Later